Skip to main content

Zendesk email verification: a welcome step in the right direction

4 March 2026

commentary opinion security zendesk

Zendesk has announced that from 9th March 2026, anonymous ticket submissions via the help centre web form, Support SDK, and Web Widget (Classic) will require email verification before they’re processed. Unverified tickets land in the suspended queue. No verification, no ticket, no notification.

If you’ve been following our coverage of the spam relay problem, you’ll recognise this as a direct response to exactly what we’ve been talking about. It’s a sensible move and one that’s long overdue.

The practical implications for your team are real though. Legitimate users who don’t check their email promptly — or whose verification email lands in spam — will end up with suspended tickets. You need a process to handle that. Zendesk recommends enabling suspended ticket notifications so your team is alerted when tickets are held, and agents need to know how to recover them.

Want this and more in your inbox weekly?

Zendesk news, honest opinions, one email every Friday.

This won’t catch everything. Attackers with access to real (or disposable) email addresses can still verify. But it raises the cost of abuse significantly and eliminates the trivially automated attacks that have been causing so much noise.

Good step. Now let’s talk about scoped API tokens.